Lucene search
+L

77 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:47 a.m.9 views

CVE-2024-46278

Teedy 1.11 is vulnerable to Cross Site Scripting XSS via the management console...

8.4CVSS6AI score0.02611EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:10 a.m.11 views

CVE-2024-54852

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...

9.8CVSS7.5AI score0.00743EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:10 a.m.9 views

CVE-2024-54851

Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...

8.8CVSS8.8AI score0.0025EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2025/04/16 12:0 a.m.256 views

📄 Teedy 1.11 Cross Site Scripting

Teedy version 1.11 suffers from a persistent cross site scripting vulnerability. Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io...

8.4CVSS6.3AI score0.02611EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.263 views

Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS)

Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io/ Software Link: https://github.com/Tomblib0/Teedy Version: 1.11 Tested on: Linux...

8.4CVSS7.4AI score0.02611EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/02/06 2:29 a.m.17 views

CVE-2025-22963

Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin...

7.5CVSS7AI score0.00272EPSS
Exploits0References1
OSV
OSV
added 2025/01/29 10:15 p.m.8 views

CVE-2024-54852

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...

9.8CVSS5.9AI score0.00743EPSS
Exploits1References1
OSV
OSV
added 2025/01/29 10:15 p.m.7 views

CVE-2024-54851

Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...

8.8CVSS5.8AI score0.0025EPSS
Exploits1References1
NVD
NVD
added 2025/01/29 10:15 p.m.23 views

CVE-2024-54851

Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...

8.8CVSS0.0025EPSS
Exploits1References1
NVD
NVD
added 2025/01/29 10:15 p.m.13 views

CVE-2024-54852

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...

9.8CVSS0.00743EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/29 12:0 a.m.10 views

CVE-2024-54851

Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...

8.8AI score0.0025EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/29 12:0 a.m.13 views

PT-2025-3080 · Teedy · Teedy

Name of the Vulnerable Software and Affected Versions: Teedy versions 1.12 and earlier Description: The issue is related to Cross Site Request Forgery CSRF, which occurs due to the lack of CSRF protection. Recommendations: For Teedy versions 1.12 and earlier, as a temporary workaround, consider...

8.8CVSS7AI score0.0025EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/01/29 12:0 a.m.27 views

CVE-2024-54851

Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...

0.0025EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/29 12:0 a.m.5 views

Teedy 安全漏洞

Teedy is a French Teedy open source open source, lightweight document management system for individuals and businesses. A security vulnerability exists in Teedy 1.12 and earlier versions, which stems from a lack of cross-site request forgery CSRF protection and vulnerability to cross-site request...

8.8CVSS6.6AI score0.0025EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/29 12:0 a.m.7 views

PT-2025-3081 · Teedy · Teedy

Name of the Vulnerable Software and Affected Versions: Teedy versions 1.9 through 1.12 Description: The issue arises when the LDAP connection is activated, allowing an unauthenticated attacker to exploit the username field of the login form due to improper sanitization of user input. This enables...

9.8CVSS6.9AI score0.00743EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/01/29 12:0 a.m.11 views

Teedy 安全漏洞

Teedy is an open source, lightweight document management system for individuals and businesses open-sourced by Teedy France. A security vulnerability exists in Teedy versions 1.9 through 1.12, which stems from improper cleanup of user input and allows an unauthenticated attacker to perform variou...

9.8CVSS6.9AI score0.00743EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/29 12:0 a.m.16 views

CVE-2024-54852

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...

0.00743EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/29 12:0 a.m.9 views

CVE-2024-54852

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...

9.8AI score0.00743EPSS
Exploits1References1
CVE
CVE
added 2025/01/29 12:0 a.m.69 views

CVE-2024-54851

CVE-2024-54851 affects Teedy up to version 1.12, where CSRF protection is lacking, enabling CSRF attacks as described in multiple sources (CVSSv3.1: 8.8, HIGH). The vulnerability concerns the web UI flow and request handling, with no explicit exploitation details in the provided documents. Red Ha...

8.8CVSS8.8AI score0.0025EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/01/29 12:0 a.m.55 views

CVE-2024-54852

Teedy CVE-2024-54852 affects Teedy versions 1.9–1.12. The LDAP injection arises from improper sanitization of the username field in the LDAP login flow, enabling an unauthenticated attacker to perform actions such as creating arbitrary accounts and spraying passwords. Remediation: update LDAP han...

9.8CVSS7.1AI score0.00743EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder